
Internet of Things – embedded devices

Riscure is an exceptional team of experts that has offered security robustness evaluation and certification services, as well as tools and training for embedded device development, for over 20 years.

Internet of Things (IoT) refers to a wide variety of embedded and connected devices that are used in various application areas. IoT devices include consumer and retail products such as toys, cameras, smart locks and tags; industrial devices (PLC, IED, switches, and routers); health care products (PET, CET scans and MRIs, glucose monitors, pacemakers, CPAP machines, and others); and devices used in utilities infrastructure (such as smart meters).

While use cases are varied, the security technology and concepts are quite similar. Due to those similarities, various standards and requirements in these domains are easily adopted and used by security experts of Riscure.

IoT – Industrial embedded components

The international standard IEC 62443 for Industrial Automation and Control Systems (IACS) addresses the increasing risk of cyberattacks on connected controllers, machines, devices, and sensors. The set of standards covers security processes, system security, and the security of system components (devices and software). For components, the standard covers a secure product life cycle as well as technical security requirements for components.

By focusing on components, the standards IEC 62443-4-1 and IEC 62443-4-2 assist automation project managers and equipment vendors through the process of securing industrial control systems against intentional or unintentional threats by communicating the security capabilities of devices and software used in these systems.

With ISA/IEC 62443 compliance, OEMs provide assurance to their customers that they will be able to build secure systems. By certifying their products, OEMs can also demonstrate that the product has been independently evaluated to provide additional assurance, has a robust security architecture, and is resistant to security threats. Through security assurance, OEMs also provide confidence to end-users that their products comply with higher standards for safety.

Riscure offers independent security evaluation and certification services for IIoT OEMs and component vendors producing embedded devices (ED) as well as Network Devices (ND) and components. Riscure can cover components such as Programmable Logic Controller (PLC), Safety Instrumented System (SIS) controller, Distributed Control System controller (DCS), firewall, router, gateway, and switch. We also cover SESIP certification of chipsets and platforms (microcontrollers) that provide security functions to the device with the mapping to the relevant IEC 62443-4-2 requirements. Next to evaluation and certification, Riscure also offers consulting services on how to reach the desired security level and which requirements need to be fulfilled on that path.

IoT – Platforms and components

Riscure’s extensive experience with the security evaluation of chipsets/platforms and components covers most of the needs of IoT chipset and platform vendors.

As a chipset, and the platform that is created around it, forms the base on top of which device functionality gets implemented, it also provides the security foundation for that device. Therefore, the market is searching for ways to assess the security provided by these components. Riscure is actively participating in creating an environment where the security benefits of chipsets and components can be leveraged by device makers. Such evaluations, and especially certification, give device makers the confidence that these components can be relied on and give the component manufacturers an opportunity to market the security level of their products.

Riscure is an accredited evaluation laboratory for Common Criteria, PSA Certified, SESIP, and Global Platform security evaluations. With significant experience also coming from other markets such as the payments industry and content protection, and because of the unique combination with training and tools focused on chipset/platform vendors, Riscure is the number one choice for silicon vendors.

IoT – Consumer & Retail

Riscure has evaluated a significant number of consumer and retail devices in the past 20 years. Even before any regulation or certification was available, Riscure was working with developers to improve the security level of consumer and retail devices.

Government regulations are starting to address the security of the consumer devices segment. Most governments are starting with standards that are not directly legally enforced, so as not to immediately create enormous stress on the developing companies. However, there is the intention to shift to enforcing these standards at a certain point. A few legislators around the world have decided to enforce them immediately. As vendors are preparing to comply with such regulations, Riscure is a unique partner for IoT developers because of its experience from past evaluations combined with its thorough knowledge and understanding of well-recognized standards for consumer IoT devices (ETSI EN 303 645 and NIST NISTIR 8259).

If you are building a brand and want to use security as a differentiator or are interested in using certification to address future legislation and potential liability, consult Riscure to help you answer your security questions.

IoT – Smart grid and smart meters

Smart Metering is being implemented in many countries around the world. The European Parliament mandates Smart Metering to be implemented by 2022, while the US Government considers Smart Metering key to national efforts to further energy independence.

Riscure has a significant track record of smart meter security evaluations according to the Dutch smart meter security requirements. Riscure can help you address all relevant security questions concerning smart grid products, from design reviews that help your development team deliver a secure solution all the way to testing the final product for standards compliance and/or a review against your own security requirements.

Network and IoT

Security on the device level and network security go hand in hand. The security of devices with network connectivity, such as switches, routers, modems, and gateways, can influence the security of local as well as wider area networks. Riscure worked with many vendors and operators to test and demonstrate the security robustness of these IoT devices.

Next to traditional networks, 5G networks are quickly getting deployed, redefining device connectivity. In addition to the existing security challenges of a cellular network, any 5G development has to incorporate the emerging security aspects that concern Multi-access Edge Computing (MEC) services, lawful interception functionality, and general availability of software and APIs to users. Often seen as the critical technology for economic well-being, 5G will also be integrated into adjacent industries such as automotive, where it uses V2X communication concepts.

Riscure has more than 20 years of experience in networking device security testing. Riscure also works together with Keysight, which offers our customers a combination of device testing tools and services, with device interfacing and network simulation tools.

IoT – Healthcare device security

Compared to other industries, healthcare device security has not progressed in all regions at the same level. However, some inquiries arrived at Riscure’s doorstep over time. For example, Riscure has evaluated doctor and patient authentication protocols, which often form the foundation for a secure data flow and use of connected devices and systems.


With the US FDA cybersecurity recommendations, the European MDCG 2019-16 (MDR, IVDR), and IEC/TR 60601-4-5, which mostly focus on security process and basic security concepts, the relevance of security is recognized within the field. It is expected that in the future, the security of medical devices will take a large leap to protect the patient’s safety and privacy.


If you are in the process of developing medical IoT devices and would like to learn more about security and security regulations in this domain, Riscure can support you.


Next to training, advisory, testing, and certification-related activities already mentioned, Riscure supports solution developers with embedded security knowledge for adjacent IoT markets such as transportation, public safety and security (smart locks, cameras), and smart cities.
